Fast Threat Detection with Big Data Security Business Intelligence

Intel IT’s security business intelligence (BI) platform incorporates a large-scale common logging service (CLS), real-time correlation engine, and various custom analytics platforms to deliver faster detection and response to security threats. The ability to implement custom analytics solutions enables our security team to filter and distill specific event logs from over 6 billion events recorded daily. The benefits include improved compliance, better protection of high-risk assets, and faster, more intelligent response to advanced persistent threats.
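The kind of rule a near-real-time correlation engine applies to the filtered event stream, as an added illustration that is not Intel IT's own CLS or correlation-engine code. It distills a constructed syslog-style feed down to authentication events only, then runs a sliding-window rule that fires when a burst of failed logins from one source against one account is followed by a successful login from that same pair inside the window. The line format, the threshold of five failures, the 300-second window and all sample hosts, users and addresses are assumptions made for the example, and the edge case worth noticing is the third account, whose failures have aged out of the window by the time the success arrives, so no alert is raised.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events (not Intel data) in an assumed line format:
# "<ISO timestamp> <host> <event_type> user=<user> src=<ip>"
SAMPLE_LOG = """\
2024-03-01T10:00:01 srv01 AUTH_FAIL user=alice src=10.0.0.5
2024-03-01T10:00:03 srv01 AUTH_FAIL user=alice src=10.0.0.5
2024-03-01T10:00:05 srv01 AUTH_FAIL user=alice src=10.0.0.5
2024-03-01T10:00:07 srv01 AUTH_FAIL user=alice src=10.0.0.5
2024-03-01T10:00:09 srv01 AUTH_FAIL user=alice src=10.0.0.5
2024-03-01T10:00:11 srv01 AUTH_OK user=alice src=10.0.0.5
2024-03-01T10:00:12 srv02 FILE_READ user=bob src=10.0.0.9
2024-03-01T10:00:20 srv02 AUTH_FAIL user=bob src=10.0.0.9
2024-03-01T10:05:00 srv02 AUTH_OK user=bob src=10.0.0.9
2024-03-01T10:30:00 srv03 AUTH_FAIL user=carol src=10.0.0.7
2024-03-01T10:30:01 srv03 AUTH_FAIL user=carol src=10.0.0.7
2024-03-01T10:30:02 srv03 AUTH_FAIL user=carol src=10.0.0.7
2024-03-01T10:30:03 srv03 AUTH_FAIL user=carol src=10.0.0.7
2024-03-01T10:30:04 srv03 AUTH_FAIL user=carol src=10.0.0.7
2024-03-01T10:35:05 srv03 AUTH_OK user=carol src=10.0.0.7
"""

# Event types the rule cares about; everything else is dropped up front.
AUTH_EVENTS = {"AUTH_FAIL", "AUTH_OK"}


def parse_event(line):
    """Parse one line of the assumed format into a dict; None for malformed lines."""
    parts = line.split()
    if len(parts) < 5:
        return None
    ts, host, etype = parts[0], parts[1], parts[2]
    try:
        when = datetime.fromisoformat(ts)
    except ValueError:
        return None
    fields = dict(p.split("=", 1) for p in parts[3:] if "=" in p)
    return {"ts": when, "host": host, "type": etype, **fields}


def distill(lines, keep=AUTH_EVENTS):
    """Filter the raw feed down to the event types a rule needs, in time order."""
    events = [e for e in map(parse_event, lines) if e and e["type"] in keep]
    events.sort(key=lambda e: e["ts"])
    return events


def correlate_bruteforce(events, threshold=5, window=timedelta(seconds=300)):
    """Alert when >= threshold AUTH_FAIL for one (src, user) pair are followed by
    an AUTH_OK for that pair while the failures still sit inside the window."""
    recent_fail = defaultdict(deque)  # (src, user) -> timestamps of recent failures
    alerts = []
    for e in events:
        key = (e.get("src"), e.get("user"))
        q = recent_fail[key]
        # Expire failures older than the window relative to the current event.
        while q and e["ts"] - q[0] > window:
            q.popleft()
        if e["type"] == "AUTH_FAIL":
            q.append(e["ts"])
        elif e["type"] == "AUTH_OK" and len(q) >= threshold:
            alerts.append({
                "rule": "bruteforce_then_success",
                "src": key[0], "user": key[1], "host": e["host"],
                "failures": len(q), "at": e["ts"].isoformat(),
            })
            q.clear()  # one alert per burst, not one per later success
    return alerts


def run_sample():
    """Run the distill-then-correlate pipeline over the constructed feed."""
    return correlate_bruteforce(distill(SAMPLE_LOG.splitlines()))


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

In a production pipeline the `distill` step is what keeps a rule from touching every one of the billions of daily events; the correlation state is keyed per source and account so it stays small even when the raw feed does not.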

After operating a near-real-time correlation engine on smaller data sets for several years, we saw the need for a comprehensive log management solution capable of recording a full year of Intel’s server event log activity. The ability to analyze current logs and historical data helps investigators and threat management analysts better track and identify actionable events.